When using ssls.com the Common Namemust include the
www
i.e. www.hatherleigh.info rather than hatherleigh.info.

Generate your certificate request and private key:

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
Generating a 2048 bit RSA private key
..................+++
.........................................+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code)[AU]:GB
State or Province Name (full name)[Some-State]:Devon
Locality Name (eg, city)[]:Okehampton
Organization Name (eg, company)[Internet Widgits Pty Ltd]:www.hatherleigh.info
Organizational Unit Name (eg, section)[]:
Common Name (e.g. server FQDN or YOUR name)[]:www.hatherleigh.info
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Note

Country code for the UK is GB

Note

Do not enter the email address, challenge password or optional
company name). Just press Enter to ignore.

This process will generate two files, server.csr (the certificate request)
and server.key (the private key).

Instructions for http://www.ssls.com/ are similar. See the section
above for instructions on generating a certificate request.

Using https://www.startssl.com/, enter the Validations Wizard and choose
Domain Validation, enter the Domain Name, select a
Verification Email and then enter the verification code sent to the selected
email address.

To acheieve this we added a blank line to the ssl.crt file, re-concatenated,
used fabdomain:www.hatherleigh.infossl to place the new file on the server and
then re-started nginx with servicenginxrestart on the server as root.